How to correctly generate a CSR for SSL

Generate a CSR for SSL/TLS

An SSL certificate can only be generated with a CSR. It contains all the information required for the certificate, such as the domain name and country code. CSR stands for Certificate Signing Request.

What is a CSR?

A CSR is a block of encrypted text you send to the Certificate Authority (CA) to generate an SSL or digital signing certificate. It is most commonly generated in PKCS #10 format.

What information does it contain?

Country Code – The 2 letter ISO code for the country your organization is based.
State/Province – The state or province your organization is based.
Town/City – The town or city your organization is based.
Company/Organisation – Your organization’s legally registered name.
Organisation unit/ Company Division – The organizational department dealing with the certificate. IT Department, Security Department etc.
Common Name – The Fully Qualified Domain Name you are securing.
Email Address – The email address to best contact your organization with.
Key Strength – The RSA Bit encryption strength the SSL certificate will be generated in. For instance, the industry standard RSA 2048 Bit encryption.
Digest Strength – The SHA algorithm strength the SSL certificate will be generated in. For instance, the industry standard SHA256.  

How To Generate A CSR

There are two main ways you can generate a CSR.

First of all, you can create a CSR using the CSR Generator on the Trustico® tools page. Check out my in-depth guide to Trustico’s SSL tools at the following link:
blog.trustico.com/resources/trustico-blog-how-to-guides/trusticos-ssl-tls-tools-how-to-guide.php

Similarly, you can (usually) create the CSR on the server itself. This is sometimes a requirement, depending on server type. You will need to consult your server manual or support service for how to do so as the process is different for each server type .

When entering information in the fields, ensure that all fields are filled. Trustico’s CSR generation tool will not allow you to generate without all fields filled. However, many servers will allow you to do so. We do not recommend this. These details are important for validating certain types of SSL certificate.

Also, when entering your organization name, ensure you enter its full name; exactly as registered with the government. You must include any legal classifiers such as ‘Pty Ltd’ or ‘Limited’.

Furthermore, a Private Key is always generated alongside the CSR for SSL certificate installation. Upon generation, save and store the Private Key in a secure directory where you will not lose it.

Finally, when using your CSR to place an order, make you copy the entire CSR into the ordering system, including ‘being certificate request’ and ‘end certificate request’ like in the example below:

—–BEGIN CERTIFICATE REQUEST—–
MIIC9DCCAdwCAQAwga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEW
MBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTElMCMGA1UECgwcRXhhbXBsZSBPcmdhbml6
YXRpb24gUHR5IEx0ZDELMAkGA1UECwwCSVQxHDAaBgNVBAMME2V4YW1wbGUuZXhh
bXBsZS5zb3kxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5zb3kwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClf9/QHJXJfGgc2Q3p8/hSUxI1
L2tBLqg0AfsTRLLIJn05dVPQsdJiCHTMzi52DJjY3JYk9+FrKzelvDKH/fQReElm
wr4Rmi+1YF4aQdYX/n2Pxpfskevy8Ddtml+kHggHXyFFF/rlSzt6QnGp36IBMHlW
WD7+Dpna5/f4n0ilwgpCUPw0wBESaMzEj+AHqEOF9CfattuJsoyTuA2jMa6lbsgd
rXitwVf8XeqSZ2zI4GXT5K2gWEP/hpJuS54T2J6ztkltoOmEEYGutyfVLZbNakRm
Jja+Qsk1QuRWKGMNDBB4/AUq+6dDwF+ph06Js8/RrRLf47iSiwZwZTOJrtA9AgMB
AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAewsU9KIknJTVK4RllXvjI9f0QUYOk81u
weajjN1bNRcXc0aAEksv61zAD6ly6WNa/alqQ0j9RHcYPLUFgSfUqSAhD5WJbIBL
9V8nl85B4d6bkBP22f9bBNpDor3vuF4iIJA9nKiHIz/ZqhloK9QZd1JhBpssdBvj
O3Y0wVQTe7cIFnKl1g34JrO/O/bG074Wjpx2mHpaiBc9Jmtyzan/coA2rB7BGhs6
PHwXubIBuLad1XsxtQY8VDpeMurJ2PNQAbxsnmxX6NKlN73ITNOII1VqfuTWiNzJ
8PNJFyrQ15Sm7daS3ailoH96JJGje+BueSx+Bgu82WJyI3+7YhMPhA==
—–END CERTIFICATE REQUEST—–

How Useful Was This Post?

Let Us Know How We Are Doing - Click A Star To Rate This Post

Average Vote Rating / 5. Vote Count :